International Atomic Energy Agency
Challenges and New Considerations in the Defence in Depth Concept
Presented by: Irina Kuzmina, SAS/NSNI, [email protected]
Contributors: P.Hughes, SAS/NSNI Head
A.Lyubarskiy, SAS/NSNI
56 IAEA General Conference - Side Event
CHALLENGES AND NEW CONSIDERATIONS FOR THE DEFENCE IN DEPTH CONCEPT FOR
NUCLEAR POWER PLANTS
19 September 2012
OBJECTIVE OF THE PRESENTATION
■ To provide information on the recent developments in the area of Defence in Depth (DiD) at the IAEA and elaborate on emerging challenges
HIGHLIGHTS
■ Overview of an approach for holistic consideration of DiD (based on the paper presented at ANS PSA-2011 Conference)
■ Emerging challenges for further development of the DiD concept
Title of the Paper: An Approach for Holistic Consideration of Defence in Depth for Nuclear Installations Using Probabilistic Techniques
ANS PSA-2011 Conference: International Topical Meeting on Probabilistic Safety Assessment and Analysis
• Wilmington NC, USA
• March 13-17, 2011
Authors: I. Kuzmina, M. El-Shanawany, M. Modro, and A. Lyubarskiy, International Atomic Energy Agency (IAEA)
ILLUSTRATION OF DiD IN IAEA SAFETY REPORT #46
SSG-2: POSSIBLE SUBDIVISION OF POSTULATED IEs
AN EXAMPLE OF EVENTS AND ACCIDENTS TO BE CONSIDERED IN DiD
(Columns: Event and Definition; Frequency Range)

Deviation – an event expected during the calendar year resulting in insignificant allowable change in plant parameters requiring adjustment by normal operation system
  Mean frequency: 1 < F
  Note: Deviations to be dealt with at Level 1 of DiD

Anticipated Operational Occurrences (AOO) – an event expected over the lifetime of the plant resulting in a substantial change in plant parameters due to malfunction or failures of normal operation system or external grid failures requiring operation of control systems to prevent reactor scram and/or engineered safety features actuation
  Mean frequency: 10^-2 < F < 1
  Note: AOOs to be dealt with at Level 2 of DiD

Design Basis Accident (DBA) – an infrequent event leading to reactor scram, for which engineered safety features are provided by the design to prevent core damage (CD)
  Mean frequency: 10^-4 < F < 10^-2
  Note: DBAs to be dealt with at Level 3 of DiD

Beyond Design Basis Accident (BDBA)
1) BDBA NOT directly leading to CD – an unlikely event, for which protection is not considered explicitly in the design, but which may be mitigated (CD avoided) due to the existing safety margins not credited in the design basis
  Mean frequency: 10^-6 < F < 10^-4
  Note:
  - BDBAs not resulting in CD can still be dealt with at Level 3 of DiD
  - BDBAs resulting in CD to be dealt with at Level-4 of DiD
2) BDBA directly leading to CD – a remote event representing a severe accident for which it is not demonstrated that CD can be prevented even considering the existing safety margins
  Mean frequency: F < 10^-6
  Note: BDBAs directly leading to core damage to be dealt with at Level 4 of DiD

Design Extension? (SSR-2/1)
EXAMPLES OF BDBA (from the paper at ANS PSA 2011 Conference)

Beyond Design Basis Accident (BDBA)
1) BDBA NOT directly leading to CD – an unlikely event, for which protection is not considered explicitly in the design, but which may be mitigated (CD avoided) due to the existing safety margins not credited in the design basis
  Mean frequency: 10^-6 < F < 10^-4
  Note: BDBAs not directly leading to CD can still be dealt with at Level 3 of DiD
  • Initiating events caused by multiple equipment failures (e.g. multiple failures of operational and emergency power supply buses)
  • PIEs accompanied by multiple failures in safety systems (e.g. small LOCA with failure of all high pressure injection trains)
2) BDBA directly leading to CD – a remote event representing a severe accident for which it is not demonstrated that CD can be prevented even considering the existing safety margins
  Mean frequency: F < 10^-6
  Note: BDBAs directly leading to core damage to be dealt with at Level 4 of DiD
  • Reactor vessel rupture
  • Prolonged total loss of all power sources
  • Total loss of component cooling water
  • Multiple reactor control rod ejection
OVERVIEW OF EVENT TREE TECHNIQUE USED IN PSA
■ Accident sequence – a chain of events linking the initiator and possible consequences
  • Depending on the success or failure of the modelling functions
■ Main consequences considered in Level 1 PSA:
  • Plant safe state (OK), core damage (CD)
[Figure: event tree; CONSEQUENCES column: OK; CD due to loss of Function C; CD due to loss of Function B; CD due to loss of Function A]
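
An added worked example, not part of the original presentation: quantifying an event tree with the three functions A, B and C named on this slide, and banding the initiator with the frequency ranges from the events-and-accidents table. It assumes a series tree (loss of any one function leads to CD), independent function failures and per-year frequencies; all numbers are constructed.

```python
# Added illustration (not from the presentation). Inputs are constructed,
# not plant data. Frequencies are assumed to be per year.

def quantify(ie_freq, p_fail):
    """Return {end state: frequency} for a series event tree.

    ie_freq -- initiating event frequency
    p_fail  -- ordered {function name: failure probability on demand}
    Assumes the functions fail independently of each other.
    """
    results = {}
    reach = ie_freq  # frequency of arriving at the current branch point
    for name, p in p_fail.items():
        results[f"CD due to loss of Function {name}"] = reach * p
        reach *= 1.0 - p  # continue along the success branch
    results["OK"] = reach
    return results

def total_cd(results):
    """Sum the frequencies of all core damage end states."""
    return sum(f for state, f in results.items() if state.startswith("CD"))

def band(freq):
    """Event category for a mean frequency, per the table in this deck.

    The table gives open intervals; placing an exact boundary value in
    the lower-frequency band is an assumption of this example.
    """
    if freq > 1:
        return "Deviation"
    if freq > 1e-2:
        return "AOO"
    if freq > 1e-4:
        return "DBA"
    if freq > 1e-6:
        return "BDBA not directly leading to CD"
    return "BDBA directly leading to CD"

if __name__ == "__main__":
    ie = 0.1  # constructed initiating event frequency
    tree = quantify(ie, {"A": 1e-3, "B": 1e-2, "C": 1e-2})
    print("Initiator category:", band(ie))
    for state, f in tree.items():
        print(f"{state}: {f:.3e}")
    print(f"Total CD frequency: {total_cd(tree):.3e}")
```

The end-state frequencies always sum to the initiating event frequency, which is a quick consistency check on any tree built this way.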
CONCEPT OF DiD ILLUSTRATED BY THE EVENT TREE TECHNIQUE
[Figure labelled: INSAG-12]
CONCEPT OF DiD ILLUSTRATED BY THE EVENT TREE TECHNIQUE
AN EXAMPLE: US NRC considering a proposal for “risk-informed and performance-based concept of defence in depth”
REQUIREMENTS FOR PSA QUALITY
■ PSA used in the process of assessing compliance with DiD and determining the requirements for reliability of normal operation and safety systems should be of sufficient scope and follow current state of the art in PSA technology
  • A full scope PSA including all operational modes and events (i.e. internal initiating events caused by random component failures and human errors, internal hazards, and external hazards) is usually required
  • A quality PSA should comply with contemporary PSA standards - examples are:
    - Recently issued IAEA Specific Safety Guides on Level-1 and Level-2 PSA and Applications (SSG-3 and SSG-4, 2010)
    - ASME/ANS PRA Standard
■ An independent peer review is of utmost importance
IAEA’s IPSART Service: International Probabilistic Safety Assessment Review Team
■ Peer reviews by teams of carefully selected independent international experts of Probabilistic Safety Assessment studies performed in MSs
■ Conducted in accordance with the dedicated Guidelines
■ More than 60 missions performed
EMERGING CHALLENGES
■ Recognizing that DiD is not an absolute ‘panacea’: there will always be some events and accidents that could challenge plant safety at different DiD levels
  • The consideration of frequency of events and accidents is already implicitly or semi-explicitly included in the DiD concept (‘very unlikely’, ‘practically eliminated’, etc.)
  • Should frequencies of different events and accidents be considered explicitly while determining the level of DiD at which they should be dealt with?
    - Clear requirements towards the frequency assessment should be provided along with a robust consideration of uncertainties
    - All hazards should be considered while defining the accident sequence frequencies
EMERGING CHALLENGES (Cont.)
■ Definition and understanding of DiD
  • Not only diversity and redundancy of safety systems
  • Different perceptions among technical people as to which Level of DiD plant systems relate to
■ Reliability of first two levels of DiD
  • These are aimed at smooth plant operation and prevention of IEs
  • Is regulatory control sufficient?
■ DiD and design extended conditions (DEC)
  • The same or different requirements to DEC systems as to DBA-related safety systems at Level-3 DiD?
■ Capability of Level 4 of DiD
  • For operating NPPs, can we assure that containment and containment systems are capable of confining releases following severe accidents in which corium has penetrated the reactor vessel?
EMERGING CHALLENGES (Cont.)
■ Consideration of SAMG within DiD
  • Should SAMGs be explicitly recognized as a necessary element of Level 4 of DiD and get regulatory attention?
  • What should be the requirements towards the systems to be used in SAMG?
■ Independence within and between DiD levels
  • What should be the requirements regarding independence between safety systems designed for DBA and design extension conditions?
  • Independence of systems used in SAM needs to be addressed (e.g. injecting fire water to prevent core melt at Level 3 of DiD and in-vessel retention and ex-vessel cooling at Level 4 of DiD)
  • Dependence on the same support systems may be difficult to eliminate at Level 3 and 4 of DiD
EMERGING CHALLENGES (Cont.)
■ Consideration of siting within DiD
  • Should siting and site protection features be explicitly included in DiD?
■ Consideration of internal and external hazards within DiD
  • Should protection against internal and external hazards be explicitly included in the DiD structure?
  • Should this be addressed through the overall frequency of IEs and accidents? Other approaches?
■ Holistic application of DiD
  • Is DiD currently applied in a complete and structured manner and formalized way?
  • Are all five levels always consistently considered?
CONCLUDING REMARKS
■ The approach presented at the ANS Conference can assist in:
  • Holistic consideration of all levels of DiD in conjunction with deterministic and probabilistic safety goals and success criteria, and
  • Defining requirements towards the reliability of normal operation systems and engineered safety features
■ The international community is challenged to further develop the DiD safety concept reflecting operational experience and current state of the art in nuclear safety to provide safety of present and future nuclear installations
THANK YOU FOR YOUR ATTENTION